From: Eduardo Habkost
Subject: [Qemu-devel] [PULL 24/28] apic: kvm-apic: Fix crash due to access to freed memory region
Date: Wed, 20 Jul 2016 12:08:30 -0300
From: Igor Mammedov <address@hidden>
kvm-apic.io_memory memory region had its parent set to NULL at
memory_region_init_io() time, so it ended up as a child in
/unattached container.
As a result, when the kvm-apic instance was deleted, the child property
/unattached/kvm-apic-msi[XXX] contained a reference to
kvm-apic.io_memory address which was freed as part of kvm-apic.
Do the same as 'apic' and make kvm-apic instance the owner
of the memory region so that it won't end up in /unattached
and gets cleanly released along with related kvm-apic instance.
Signed-off-by: Igor Mammedov <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Eduardo Habkost <address@hidden>
---
hw/i386/kvm/apic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index c5983c7..1f87e73 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -184,8 +184,8 @@ static void kvm_apic_realize(DeviceState *dev, Error **errp)
{
APICCommonState *s = APIC_COMMON(dev);
- memory_region_init_io(&s->io_memory, NULL, &kvm_apic_io_ops, s,
"kvm-apic-msi",
- APIC_SPACE_SIZE);
+ memory_region_init_io(&s->io_memory, OBJECT(s), &kvm_apic_io_ops, s,
+ "kvm-apic-msi", APIC_SPACE_SIZE);
if (kvm_has_gsi_routing()) {
msi_nonbroken = true;
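Review bot: passing OBJECT(s) as the owner makes the region a child property of the kvm-apic object rather than of /unattached, so its lifetime now follows the device as the description says; what this hunk does not do is remove the region from any container it was mapped into before the instance is freed, so the teardown path (the series adds unrealize callbacks in a separate patch) should be checked to unmap it first, otherwise the stale mapping outlives the owner just as the /unattached child did. The reflow of "kvm-apic-msi", APIC_SPACE_SIZE onto one continuation line matches the 'apic' realize call and is fine.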
--
2.5.5
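To make the ownership point in the commit message concrete, here is a constructed model of the QOM parent/child relation; it is an added illustration, not QEMU code, and the names (object_property_add_child, object_unparent, memory_region_init, device_delete) are simplified stand-ins for the real APIs. A region initialised with a NULL owner is attached under a global "unattached" container, so deleting the device that embeds it leaves a child pointer to freed memory; with the device as owner, the region is unparented before the device is freed. Pointers to freed memory are compared as integers captured before the free, so nothing in the freed object is dereferenced.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of the QOM parent/child tree (constructed for illustration). */
#define MAX_CHILDREN 8

typedef struct Object {
    char name[32];
    struct Object *parent;
    struct Object *children[MAX_CHILDREN];
    int nchildren;
} Object;

/* Root "/unattached" container that receives ownerless regions. */
static Object unattached = { .name = "unattached" };

static void object_property_add_child(Object *parent, Object *child) {
    if (parent->nchildren >= MAX_CHILDREN) abort();
    parent->children[parent->nchildren++] = child;
    child->parent = parent;
}

/* Detach a child from its parent; the child's own memory is untouched. */
static void object_unparent(Object *child) {
    Object *p = child->parent;
    if (!p) return;
    for (int i = 0; i < p->nchildren; i++) {
        if (p->children[i] == child) {
            p->children[i] = p->children[--p->nchildren];
            break;
        }
    }
    child->parent = NULL;
}

/* Mirrors memory_region_init_io(): a NULL owner lands the region in /unattached. */
static void memory_region_init(Object *mr, Object *owner, const char *name) {
    memset(mr, 0, sizeof *mr);
    snprintf(mr->name, sizeof mr->name, "%s", name);
    object_property_add_child(owner ? owner : &unattached, mr);
}

typedef struct Device {
    Object obj;
    Object io_memory;   /* embedded, so it is freed together with the device */
} Device;

/* buggy_owner=true reproduces the pre-patch NULL owner; false is the fix. */
static Device *device_new(bool buggy_owner) {
    Device *s = calloc(1, sizeof *s);
    if (!s) abort();
    snprintf(s->obj.name, sizeof s->obj.name, "kvm-apic");
    memory_region_init(&s->io_memory, buggy_owner ? NULL : &s->obj, "kvm-apic-msi");
    return s;
}

/* Deleting a device unparents only its own children, then frees the struct.
   Anything it left under /unattached is not visited: that is the dangling reference.
   Returns the former address of the embedded region as an integer for later comparison. */
static uintptr_t device_delete(Device *s) {
    uintptr_t stale = (uintptr_t)&s->io_memory;
    while (s->obj.nchildren > 0) object_unparent(s->obj.children[0]);
    free(s);
    return stale;
}

/* Count /unattached children whose address equals the freed region's old address. */
static int count_dangling(uintptr_t freed) {
    int n = 0;
    for (int i = 0; i < unattached.nchildren; i++)
        if ((uintptr_t)unattached.children[i] == freed) n++;
    return n;
}

/* Returns 1 for the buggy ownership (stale /unattached entry), 0 for the fixed one. */
int dangling_after_delete(bool buggy_owner) {
    Device *s = device_new(buggy_owner);
    uintptr_t freed = device_delete(s);
    int n = count_dangling(freed);
    unattached.nchildren = 0;   /* drop stale entries without touching freed memory */
    return n;
}

int main(void) {
    printf("NULL owner: %d stale /unattached child\n", dangling_after_delete(true));
    printf("OBJECT(s) owner: %d stale /unattached child\n", dangling_after_delete(false));
    return 0;
}
```

The model keeps the regions embedded in the device struct, as kvm-apic's io_memory is, because that is what turns a forgotten child property into a reference to freed memory rather than a mere leak.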